VYPR
Medium severity 5.5 · NVD Advisory · Published Apr 24, 2026 · Updated Apr 27, 2026

CVE-2026-31556

Description

In the Linux kernel, the following vulnerability has been resolved:

xfs: scrub: unlock dquot before early return in quota scrub

xchk_quota_item can return early after calling xchk_fblock_process_error. When that helper returns false, the function returned immediately without dropping dq->q_qlock, which can leave the dquot lock held and risk lock leaks or deadlocks in later quota operations.

Fix this by unlocking dq->q_qlock before the early return.
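The lock leak and its fix can be reproduced in a userspace model. This is an added example, not kernel code or the upstream patch: the atomic flag standing in for dq->q_qlock, the `model_*`, `scrub_item_*` and `lock_leaked` names, and the constructed error value -5 are all assumptions made for illustration.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

/* Userspace model only: an atomic flag stands in for dq->q_qlock. */
struct model_dquot { atomic_flag q_qlock; };

static void model_lock(struct model_dquot *dq) { while (atomic_flag_test_and_set(&dq->q_qlock)) { } }
static void model_unlock(struct model_dquot *dq) { atomic_flag_clear(&dq->q_qlock); }

/* Hypothetical stand-in for xchk_fblock_process_error(): false means stop. */
static bool model_process_error(int error) { return error == 0; }

/* Pre-fix shape: the early return skips the unlock. */
static int scrub_item_unfixed(struct model_dquot *dq, int error)
{
    model_lock(dq);
    if (!model_process_error(error))
        return error;              /* q_qlock is still held here */
    model_unlock(dq);
    return 0;
}

/* Fixed shape: drop the lock before the early return. */
static int scrub_item_fixed(struct model_dquot *dq, int error)
{
    model_lock(dq);
    if (!model_process_error(error)) {
        model_unlock(dq);
        return error;
    }
    model_unlock(dq);
    return 0;
}

/* True if the lock is still held after scrub() returns, i.e. the next
 * locker of this dquot would block forever. */
static bool lock_leaked(int (*scrub)(struct model_dquot *, int), int error)
{
    struct model_dquot dq = { .q_qlock = ATOMIC_FLAG_INIT };
    scrub(&dq, error);
    return atomic_flag_test_and_set(&dq.q_qlock);  /* a failed trylock */
}

int main(void)
{
    printf("unfixed, error path: leaked=%d\n", lock_leaked(scrub_item_unfixed, -5));
    printf("fixed,   error path: leaked=%d\n", lock_leaked(scrub_item_fixed, -5));
    return 0;
}
```

Only the error path differs between the two shapes; the success path releases the lock in both, which is why this class of bug tends to survive normal testing.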

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

In the Linux kernel XFS quota scrubber, a missing unlock before early return can leave a dquot lock held, risking lock leaks or deadlocks.

Vulnerability Overview

In the Linux kernel's XFS filesystem, the xchk_quota_item function in the scrub subsystem has a missing unlock bug. When xchk_fblock_process_error returns false, the function can return early without dropping dq->q_qlock. This leaves the dquot lock acquired, which can lead to lock leaks or deadlocks in subsequent quota operations.

Exploitation Context

This is a local vulnerability that can be triggered by a user with sufficient privileges to initiate XFS scrub operations on a filesystem that uses quota. The attacker does not need network access. The bug lies in the error handling path within the quota scrub code. By causing a specific error condition during scrub, the lock can be left held, potentially causing a denial of service due to deadlock or lock contention.

Impact

An attacker could exploit this to cause a deadlock in the kernel, preventing further quota operations and potentially affecting overall system stability. The CVSS v3 base score is 5.5 (Medium), reflecting the local attack vector and the availability impact. There is no evidence of remote exploitation or privilege escalation beyond the immediate denial of service.

Mitigation

The fix, which adds the missing unlock before the early return, has been committed to the Linux kernel stable tree. Users should apply the corresponding stable kernel updates that include this commit. The references [1], [2], [3], [4] point to the fix commits for different stable branches. No workaround other than patching is mentioned.

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

9
  • Linux/Kernel (9 versions)
    • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (range: >=6.8.1,<6.12.80)
    • cpe:2.3:o:linux:linux_kernel:6.8:-:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*

Patches

0

No patches discovered yet.

References

4
